Tong Zhou

Hi, I am Tong (周桐 in Chinese) and welcome to my page! I’m currently a third-year PhD student in the Department of Electrical & Computer Engineering at Northeastern University, Boston, advised by Prof. Xiaolin Xu. Before that, I earned my master’s degree from University of Michigan, Ann Arbor, in 2019, and my bachelor’s degree (with honors) from Xidian University, Xi’an, in 2015.

My research focuses on three key areas in artificial intelligence (AI): security, privacy, and efficiency. This involves protecting the intellectual property of machine learning (ML) models, safeguarding user privacy, and optimizing the deployment of these models. I am dedicated to developing innovative solutions that mitigate risks and vulnerabilities in the application of ML models, ultimately contributing to the advancement of trustworthy and efficient AI.

I have recently been working on security issues in generative AI, with a specific emphasis on achieving reliable AI detection and implementing regulations to ensure its safe usage and mitigate the risk of abuse. If you find these topics interesting and would like to collaborate, please feel free to send me an email.

news

Feb 26, 2024	Our work TBNet is accepted by DAC 2024!
Jan 16, 2024	Our work ArchLock is accepted by ICLR 2024! 🎉

selected publications

ICLR

ArchLock: Locking DNN Transferability at the Architecture Level with a Zero-Cost Binary Predictor

Tong Zhou, Shaolei Ren, and Xiaolin Xu

In The Twelfth International Conference on Learning Representations, 2024

Abs PDF Code

Deep neural network (DNN) models are vulnerable to misuse by attackers who try to adapt them to other tasks. Existing defenses focus on model parameters, neglecting architectural-level defenses. This paper introduces ArchLock, a method utilizing neural architecture search (NAS) and zero-cost proxies to generate models with low transferability, hindering attackers’ attempts. ArchLock maintains high performance on the original task while minimizing performance on potential target tasks.
ICML

NNSplitter: An Active Defense Solution for DNN Model via Automated Weight Obfuscation

Tong Zhou, Yukui Luo, Shaolei Ren, and Xiaolin Xu

In Proceedings of the 40th International Conference on Machine Learning, 23–29 jul 2023

Abs PDF Code

NNSplitter is a novel IP protection scheme for DNN models, dividing them into an obfuscated portion stored in normal memory and model secrets stored in secure memory. The obfuscated model, with perturbed weights, hampers attackers’ efforts, while authorized users accessing secure memory achieve high performance. This approach ensures protection against adaptive attacks, maintaining security for DNN models.
ICCAD

ObfuNAS: A Neural Architecture Search-based DNN Obfuscation Approach (Best Paper Nomination)

Tong Zhou, Shaolei Ren, and Xiaolin Xu

In Proceedings of the 41st IEEE/ACM International Conference on Computer-Aided Design, 23–29 jul 2022

Abs PDF Code

ObfuNAS tackles the threat of malicious architecture extraction in DNN security. By converting architecture obfuscation into a neural architecture search problem, it ensures that obfuscated models perform worse than the original.